EE E SpringerBriefs in Computer Science E Forothertitlespublishedinthisseries,goto www.springer.com/series/10028 Angelos D. Keromytis Voice over IP Security A Comprehensive Survey of Vulnerabilities and Academic Research Angelos D. Keromytis Department of Computer Science Mail Code 0401 Columbia University 1214 Amsterdam Avenue 10027 New York USA [email protected] ISSN 2 191-5768 e-ISSN 2191-5776 ISBN 978-1-4419-9865-1 e-ISBN 978-1-4419-9866-8 DOI 10.1007/978-1-4419-9866-8 Springer New York Dordrecht He idelberg London Library of Congress Control Number: 2011926000 © The Author, 2011 All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com) Tothefourwomeninmylife:Elizabeth, Penelope,JuliaandSia.Andtomydad, Dennis. Preface When I decided to do a sabbatical with Symantec Research Labs Europe in the beautiful French Riviera, I was asked to work on a project about Voice over IP (VoIP) security. The goal of the VAMPIRE Project1 was to understand the threats andvulnerabilitiesofVoIPsystems,andtoinformthedirectionoffurtherresearch efforts. Although I was interested in this problem space, I only knew the subject from the point of view of a security researcher who has not studied VoIP itself in any great depth. As such, this project served as an ideal vehicle in educating me aboutVoIPsecurity. This book is the result of more than 18 months’ work to learn what the chal- lengesandopportunitiesareinsecuringVoIP.Itisprimarilyaddressedtostudents andresearcherswhowanttolearnaboutVoIPsecurity,andismeantasbothanin- troduction to the problem space and an extensive reference to related work as of early 2011. It is also intended as a case study on how to approach and map out a newresearcharea. Thestructureofthisbookreflectsmylearningprocess.Westartbylearningthe layoftheland(OverviewofVoIPSystems).Wethenproceedtofindoutwhatactual problems are encountered by VoIP systems by looking at reported vulnerabilities (Survey and Analysis of VoIP/IMS Vulnerabilities). Finally, we explore as much of the prior work in this space as I could find (Survey of VoIP Security Research Literature).Thebookconcludeswithsomecomparativeanalysisandpracticalrec- ommendationsforsecuringVoIPsystemsandinfrastructures. Thisworkwouldnothavebeenpossiblebutforthesupportofseveralpeople.I wouldliketothankMarcDacier,notonlyforarrangingandmanagingmysabbatical at Symantec, but also for being a great colleague and friend. Thanks to Corrado Leita for sharing his office with me during that time, serving as a listening board, offeringthoughtfulsuggestions,andgenerallyputtingupwithme.ThankstoSusan 1TheprojectwasfundedbytheAgenceNationaledelaRecherche,theFrenchequivalentofthe U.S.NationalScienceFoundation.TheoveralleffortwasledbyINRIANancy,withEurecom,Or- angeLabs,andSymantecResearchLabsEuropeaspartners.Seehttp://vampire.gforge. inria.fr/formoredetails. vii viii Preface Lagerstrom-Fife,JenniferEvansandJenniferMaureratSpringerforsuggestingthis projectandmakingtheprocesseasy. Finally, thanks to my wife, Elizabeth, and two daughters, Penelope and Julia, fortoleratingmyworkscheduleandquirkinessduring(andbefore)theconductof the work and the authoring of this book2. I’m sure you’ll have to put up with me afterwardstoo! NewYork,14February2011 AngelosD.Keromytis 2 Forexample,notethedateofthisforeword.Whoeverwritesaprefaceat1amonValentine’s Day? Contents Acronyms ......................................................... xi 1 Introduction................................................... 1 1.1 MotivationandBackground.................................. 1 1.2 WhatThisBookisAbout.................................... 3 1.2.1 Organization ........................................ 4 2 OverviewofVoIPSystems ...................................... 5 2.1 SessionInitiationProtocol ................................... 6 2.2 UnlicensedMobileAccess................................... 10 2.3 OtherVoIPSystems ........................................ 11 3 SurveyandAnalysisofVoIP/IMSVulnerabilities .................. 13 3.1 SurveyofDisclosedVulnerabilities ........................... 16 3.2 AnalysisoftheVulnerabilitySurvey........................... 20 4 SurveyofVoIPSecurityResearchLiterature...................... 27 4.1 CollectionMethodology..................................... 27 4.2 ExtendedVoIPSAClassification .............................. 28 4.3 SurveyofVoIPSecurityResearch............................. 29 4.3.1 VoIPSA-basedClassification(111items) ................ 29 4.3.2 AdditionalCategories(134items) ...................... 44 5 ComparativeAnalysis .......................................... 57 5.1 RecommendationsforSecuringVoIPSystems .................. 59 6 Conclusions ................................................... 61 References......................................................... 63 ix